REVIEW: "Kerberos: The Definitive Guide", Jason Garman

BKKRBSDG.RVW 20031018

"Kerberos: The Definitive Guide", Jason Garman, 2003, 0-596-00403-6,
U$34.95/C$54.95
%A Jason Garman
%C 103 Morris Street, Suite A, Sebastopol, CA 95472
%D 2003
%G 0-596-00403-6
%I O'Reilly & Associates, Inc.
%O U$34.95/C$54.95 800-998-9938 fax: 707-829-0104
%O http://www.amazon.com/exec/obidos/AS...bsladesinterne
http://www.amazon.co.uk/exec/obidos/...bsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASI...bsladesin03-20
%P 253 p.
%T "Kerberos: The Definitive Guide"

Kerberos is not flashy, but it is a venerable and mature technology.
Yes, it has limited scalability, but most of the "successful" PKI
(Public Key Infrastructure) projects are small enough that they could
easily have been accomplished with Kerberos technology: an eminently
elegant solution to the problem of communicating and authenticating
over any channel that is, or must be, assumed to be insecure.

Chapter one provides a history, base concepts, and variants of
Kerberos. Terms and components are given in chapter two. The
Needham-Schroeder work, and the idea of ticket-granting, is in chapter
three. Implementation, in chapter four, reviews design, UNIX and
Windows servers, and special considerations for a mixed environment.
The troubleshooting chapter, five, for once comes early enough in a
book to be of use. Security aspects external to Kerberos, and
specific settings for different implementations, are covered in
chapter six. Chapter seven looks at some generic support for
applications, as well as some specific programs that already have
Kerberos support built in. Cross realm trust is one of the advanced
topics, but most of chapter eight concentrates on special requirements
for Windows. Chapter nine is a kind of review of the book, involving
the various topics that have been discussed in a sample Kerberos
installation. Chapter ten looks at the future of Kerberos, with
possible public key additions, Web applications, and smartcards. An
appendix contains an administrative command list.

While Kerberos may not be as highly regarded as the more
mathematically complex asymmetric cryptographic systems, it still have
many uses, and this book provides the outline, background, and details
to help you take full advantage of them.

copyright Robert M. Slade, 2003 BKKRBSDG.RVW 20031018

--
======================

"If you do buy a computer, don't turn it on." - Richards' 2nd Law
============= for back issues:
[Base URL] site http://victoria.tc.ca/techrev/
or mirror http://sun.soci.niu.edu/~rslade/
CISSP refs: [Base URL]mnbksccd.htm
Security Dict.: [Base URL]secgloss.htm
Security Educ.: [Base URL]comseced.htm
Book reviews: [Base URL]mnbk.htm
[Base URL]review.htm
Partial/recent: http://groups.yahoo.com/group/techbooks/
Security Educ.: http://groups.yahoo.com/group/comseced/
Review mailing list: send mail to techbooks-
or techbooks-

Rob Slade, doting grandpa of Ryan and Trevor

"Rob Slade, doting grandpa of Ryan and Trevor" <> wrote in
message news:3tRRb.221$...
> BKKRBSDG.RVW 20031018
>
> "Kerberos: The Definitive Guide", Jason Garman, 2003, 0-596-00403-6,
> U$34.95/C$54.95

Hmm. Not quite as detailed as usual.. you had a hot date? ;o) [potential
flamers please note Rob's "handle" before replying. Not that it'll stop
you...]

Seriously, though, interesting reviews of what could be very expensive
mistakes & /please/ keep up the good work..

--

Hairy One Kenobi

Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!